Protect the Temporary Directory
Filter writes temporary files to the temporary directory. These temporary files frequently include the contents of files that Filter is processing, including decrypted parts of encrypted files. Sensitive information is therefore exposed in the temporary directory, so it is important that only users who are permitted to access this information can access the temporary directory.
By default, Filter uses the system temporary directory. Many other programs might use this directory, so OpenText recommends that you configure Filter to use another location, KVFLT_SETTEMPDIRECTORY
flag.
You can then protect the configured temporary directory by setting directory permissions to allow access only to sufficiently privileged users.